Insecure Direct Object Reference Vulnerability in Kiteworks Product by Kiteworks
CVE-2026-24761

3.7 LOW

Key Information:

Vendor: Kiteworks
CVE Published: 1 June 2026

What is CVE-2026-24761?

An Insecure Direct Object Reference (IDOR) vulnerability was identified in Kiteworks Secure Data Forms. Because the application does not properly check resource ownership, authenticated users can access the metadata of resources owned by other users. To mitigate this risk, upgrade to Kiteworks version 9.3.0 or later, where the issue has been addressed.

Affected Version(s)

Secure Data Forms < 9.3.0

References

CVSS V3.1

Score: 3.7
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
